User manual

Chapter 38 Anti-Spam
ZyWALL USG 300 User’s Guide
689
Here is an example of an e-mail classified as spam based on DNSBL replies.
Figure 470 DNSBL Spam Detection Example
1 The ZyWALL receives an e-mail that was sent from IP address a.a.a.a and relayed
by an e-mail server at IP address b.b.b.b. The ZyWALL sends a separate query to
each of its DNSBL domains for IP address a.a.a.a. The ZyWALL sends another
separate query to each of its DNSBL domains for IP address b.b.b.b.
2 DNSBL A replies that IP address a.a.a.a does not match any entries in its list (not
spam).
3 DNSBL C replies that IP address b.b.b.b matches an entry in its list.
4 The ZyWALL immediately classifies the e-mail as spam and takes the action for
spam that you defined in the anti-spam policy. In this example it was an SMTP
mail and the defined action was to drop the mail. The ZyWALL does not wait for
any more DNSBL replies.
DNSBL A
DNSBL B
DNSBL C
IPs: a.a.a.a
b.b.b.b
1
2
a
.
a
.
a
.
a
N
o
t
s
p
a
m
3
4
a
.
a
.
a
.
a
?
b
.
b
.
b
.
b
?
a
.
a
.
a
.
a
?
b
.
b
.
b
.
b
?
a.a.a.a?
b.b.b.b?
b
.
b
.
b
.
b
S
p
a
m